A Missouri man has lost his legal battle against an online prescription processor that suffered a security breach that exposed highly sensitive subscriber information.
John Amburgy alleged that Express Scripts was negligent because it failed to adequately safeguard customer data, including names, dates of birth, social security …

A better analogy (involving cars) would be...

This is more like this person was placed blindfolded in the middle of the motorway.

No harm has been done by the company that actually placed him there. The harm will be done by the bus who will eventually hit the person standing in the middle of the road, after which that person can try to connect him being hit by a bus with the fact of this company actually placing him in the middle of the road to begin with (if he survives).

On the other hand, the cars may evade this person for quite some time.

A bit harsh on bus drivers

@Bogus lawsuit, you're wrong

The example you give is childish and irrelevant.

When you suffer from loss of data as in this case, depending on how important the data is, you may have to spend some time and money replacing and investigating exactly how these details being lost can affect you or your business.

Think about it...

Why should it matter if it is person suing a company, or a company is sue another company for negligence?

Bank, sues TJMAX cause TJMAX was negligent in keeping credit information secure. Banks will sue and recover after a breach of Payment Card information to recover their risk, and "potential damages", and cost incurred for monitoring (which I believeTJMAX actual paid for, not the banks or other credit card companies). Does it have to be that each and every one of those credit cards was used or the credit card companies or banks couldn't sue and try to recover costs due to this companies negligence? Why should this differ for a consumer and a company?

What if start up company A tries to make it big in cloud computing, putting information out in the cloud. Well that database gets hack, and it is known that the lots credit card information, social security numbers, addresses and work history was taken. My identify at that time, isn't stolen or my information used... but I get free monitoring for 2 years, but 1 or even 4 years later company A is gone, has been dissolved, failed, closed its doors and then my identify gets taken and it can be proven to be related to that breach that occurred 4 years ago, should I be the one SOL though that company was negligent?

fine in a singular loss...

However , 3 organisations tell me that they have suffered data security breaches. If I subsequently have my identity stolen and suffer actual loss, Would I then have to prove which company loss provided the data was used to steal my identity?

The structure of the laws governing corporate culpability are built with lobbyist induced loopholes. Really creaming any company that loses data is the only option. Companies can take out insurance against losses In the same way they carry public liability insurance. The treating of personal loss should not be any different because it involves data.

The Individual HAS suffered a loss and injury (the time taken to change any user controlled temporal data (e.g. passwords) . And the time taken to clarify what has been stolen and how it was protected by encryption ; one government agency gave bland assurances that bore no scrutiny ("they would need an identical network set up to extract the data"). and of course the attendant anxiety.

Corporate law allow a water muddling disconnect , that usually protect s the individual who's (in) actions allow the breach and the chain of command above them. The "I was only following orders" and " I can't be held responsible for the actions of everyone under my direction" bifurcation.

Perhaps ensuring that liability stretches all the way to the board room or minister's office is enshrined in the corporate liability laws might make companies take the protection of other people's valuable data more seriously.

They should learn from the UK DPA then..

Which shows me.......

That Judges are just as large arsehole;s in the USA as they are in the UK, in the main I should say. It also shows me ,again, that there is no such thing as "Justice" , the Court system is just a plaything for rich people will taxpayers money to burn ,luke Bankers. To the ordinary man on street the Court system is like paying with a grenade, it may blow up and destroy you in your pursuit of justice.

@ J O'H

Duty of care?

Is it culpable negligence or contributory negligence for one person to knowingly place at increased risk another person?

Should harm then follow as a consequence then the person left at risk and consequently harmed has two parties in sight: the one creating harm and the other negligent in fact placing a person in increased risk of harm.

Now suppose that rather than two living parties one party was alive.

I chained a person ('bots note bien: one is speaking/writing/typing metaphorically now) to a beach for a laugh so that they would get wet when tide came in. I made sure that it was on part of a beach that gets 6" of sea water (well it did in the last 48 hours).

What i did not realise was that there was going to be a major tide this night and rather than 6" of tide there were 18"